The State Department is creating a working group to develop guidance and procedures for gathering and storing software bills of materials (SBOMs) as part of its effort to improve supply chain risk management (SCRM), Federal News Network reported Friday.
“We’re not there yet,” Zetra Batiste, enterprise chief information security officer for cybersecurity supply chain risk management (C-SCRM) at the State Department’s Bureau of Information Resource Management, said of SBOM adoption.
“However, we do realize the need for ongoing collaboration with industry and government stakeholders to ensure that we’re harmonizing that federal effort on automating and building a repository of SBOMs for reciprocity,” Batiste added.
She said the department must address several challenges before it can advance the use of SBOMs, chief among them that SBOMs need to be machine-readable and generated automatically so they can be processed at scale. She noted that the C-SCRM team is developing a platform to ingest SBOMs.
Batiste noted that the department already continuously monitors its software for vulnerabilities and works with the Cybersecurity and Infrastructure Security Agency (CISA) on threat information sharing.